Man page - mta-sts-daemon(1)
Package containing this manual:
apt-get install postfix-mta-sts-resolver
NAME
mta-sts-daemon - provide MTA-STS policy to Postfix as policy map
SYNOPSIS
mta-sts-daemon [ OPTION ]...
DESCRIPTION
This daemon opens a socket where Postfix can query and retrieve the MTA-STS policy for a domain. The configuration file is described in mta-sts-daemon.yml(5).
MTA-STS, specified in RFC 8461 [0], is a security standard for email servers. When a site configures MTA-STS, other mail servers can require the successful authentication of that site when forwarding mail there.
OPTIONS
-h, --help
show a help message and exit
-v, --verbosity VERBOSITY
set log verbosity level: debug, info (default), warn, error, or fatal.
-c, --config FILE
config file location (default: /etc/mta-sts-daemon.yml)
-g, --group GROUP
change eGID to this group (default: none)
-l, --logfile FILE
log file location (default: none)
-p, --pidfile PIDFILE
name of the file to write the current pid to (default: none)
-u, --user USER
change eUID to this user (default: none)
--disable-uvloop
do not use uvloop even if it is available (default: enabled if available)
EXAMPLES
Configure Postfix in /etc/postfix/main.cf:
smtp_tls_policy_maps = socketmap:inet:127.0.0.1:8461:postfix
smtp_tls_CApath = /etc/ssl/certs/
Reload Postfix. Then verify it works:
/usr/sbin/postmap -q dismail.de socketmap:inet:127.0.0.1:8461:postfix
This configuration overrides DANE TLS authentication. If you wish to meet the requirement of RFC 8461, section 2, you should list a DANE policy resolver (or a static lookup table for domains known to implement both MTA-STS & DANE) before mta-sts-daemon in smtp_tls_policy_maps.
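The postmap check above speaks the Postfix socketmap protocol (netstring-framed request and reply, see socketmap_table(5)). The following is an added example, not code from postfix-mta-sts-resolver: a small client for monitoring the daemon that builds the request, parses the reply, and treats non-OK statuses explicitly. The address, port and map name are taken from the configuration above; the sample reply is constructed and its attribute layout is an assumption modelled on a Postfix TLS policy entry.

```python
import socket

def encode_netstring(payload: bytes) -> bytes:
    # Netstring framing: <decimal length>:<payload>,
    return str(len(payload)).encode() + b":" + payload + b","

def decode_netstring(data: bytes) -> bytes:
    length, sep, rest = data.partition(b":")
    if not sep or not length.isdigit():
        raise ValueError("malformed netstring length")
    n = int(length)
    if len(rest) != n + 1 or rest[n:] != b",":
        raise ValueError("netstring length or terminator mismatch")
    return rest[:n]

def build_request(domain: str, map_name: str = "postfix") -> bytes:
    # A socketmap request is "<map name> <lookup key>".
    return encode_netstring(f"{map_name} {domain}".encode())

def parse_reply(raw: bytes) -> dict:
    # Reply is "OK <value>", "NOTFOUND ", or "TEMP|TIMEOUT|PERM <reason>".
    status, _, text = decode_netstring(raw).decode().partition(" ")
    if status != "OK":
        return {"status": status, "detail": text}
    level, *attrs = text.split()
    return {"status": "OK", "level": level,
            "attrs": dict(a.split("=", 1) for a in attrs)}

def query(domain: str, host: str = "127.0.0.1", port: int = 8461) -> dict:
    with socket.create_connection((host, port), timeout=5) as s:
        s.sendall(build_request(domain))
        buf = b""
        while True:
            head, sep, rest = buf.partition(b":")
            if sep and head.isdigit() and len(rest) > int(head):
                break  # full payload plus trailing comma received
            chunk = s.recv(4096)
            if not chunk:
                break  # peer closed early; parse_reply will reject it
            buf += chunk
    return parse_reply(buf)

# Constructed sample reply, not captured from a real daemon.
SAMPLE_OK = encode_netstring(b"OK secure match=mx.example.com servername=hostname")

if __name__ == "__main__":
    print(build_request("dismail.de"))
    print(parse_reply(SAMPLE_OK))
```

A TEMP or TIMEOUT status from query() means the lookup failed rather than that the domain has no policy, so a health check should alert on it instead of treating it like NOTFOUND.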
SEE ALSO
mta-sts-query(1), mta-sts-daemon.yml(5)
NOTES
0. SMTP MTA Strict Transport Security (MTA-STS): <https://tools.ietf.org/html/rfc8461>